1. Field of the Invention
Methods and apparatuses consistent with the present invention relate to security using a self-generated encryption key, and more particularly, to a security method which can prevent leakage and alteration of confidential data by using a self-generated encryption key, and a security apparatus using the same.
2. Description of the Related Art
Recently, multimedia systems, such as home servers, need a security apparatus for improving security. Such a security apparatus must boot operating system (OS) images recorded on a nonvolatile storing medium in the system without any alteration thereof, and must prevent leakage and alteration of confidential data, such as an important application and an execution key for executing the important application.
To protect confidential data, related art security apparatuses store the pre-encrypted confidential data in a nonvolatile storing medium, and store a decryption key and an authentication program for checking the integrity of the OS images in an internal storing medium which rejects external access.
FIG. 1 is a block diagram illustrating a related art security apparatus. Referring to FIG. 1, the related art security apparatus includes a security unit 110, a global bus 120, a nonvolatile memory 130 and a central processing unit 140.
The security unit 110 protects confidential data, and includes a reduced instruction set computing (RISC) processor 112, and a one time programmable (OTP) memory 114.
In order to use the confidential data, the RISC processor 112 decrypts the encrypted confidential data stored in the nonvolatile memory 130 through the global bus 120 by using a decryption key which is pre-stored in the OTP memory 114. The RISC processor 112 authenticates OS images stored in the nonvolatile memory 130 by using a hash value included in an authentication program which is pre-stored in the OTP memory 114. The OTP memory 114 stores the decryption key for decrypting the encrypted confidential data and the authentication program and rejects external access.
The nonvolatile memory 130 stores the encrypted confidential data and the OS images, and the central processing unit 140 executes the OS images authenticated by the RISC processor 112.
Accordingly, the hash value and the decryption key are pre-generated and stored in the OTP memory 114, which increases the probability of leakage.
In the case that the decryption key or the hash value is leaked, since the OTP memory 114 rejects external access, the decryption key or the hash value cannot be updated. As a result, the OS images cannot be modified or updated. When the contents of the OTP memory 114 are intended to be changed, a chip on which the OTP memory 114 is mounted or a system board must be replaced.
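The update limitation described above can be modelled in a few lines. The following is an added illustration, not part of the original text: it models the OTP memory 114 as a write-once store and the authentication performed by the RISC processor 112 as a digest comparison. SHA-256, the slot name `os_hash`, and all function and class names are assumptions made for the example.

```python
import hashlib
import hmac


class OTPMemory:
    """Write-once store modelling OTP memory 114 (names are illustrative)."""

    def __init__(self):
        self._slots = {}

    def program(self, name, value):
        # A slot can be programmed exactly once; later writes are rejected.
        if name in self._slots:
            raise PermissionError(f"OTP slot {name!r} is already programmed")
        self._slots[name] = bytes(value)

    def read(self, name):
        return self._slots[name]


def provision(image):
    """Factory step: pre-generate the reference hash and program it into OTP."""
    otp = OTPMemory()
    otp.program("os_hash", hashlib.sha256(image).digest())  # SHA-256 is assumed
    return otp, {"os_image": image}  # dict stands in for nonvolatile memory 130


def authenticate_os_image(otp, image):
    """Role of RISC processor 112: compare the image digest with the OTP value."""
    digest = hashlib.sha256(image).digest()
    return hmac.compare_digest(digest, otp.read("os_hash"))


def boot(otp, nonvolatile):
    """Release the OS image to the CPU only if authentication succeeds."""
    if not authenticate_os_image(otp, nonvolatile["os_image"]):
        return "halt: OS image failed authentication"
    return "boot: OS image authenticated"


def try_update(otp, nonvolatile, new_image):
    """Legitimate update: the image is rewritable, the reference hash is not."""
    nonvolatile["os_image"] = new_image
    try:
        otp.program("os_hash", hashlib.sha256(new_image).digest())
    except PermissionError:
        return False  # reference hash stays at the factory value
    return True


if __name__ == "__main__":
    otp, nv = provision(b"constructed OS image v1")  # constructed sample data
    print(boot(otp, nv))
    print(try_update(otp, nv, b"constructed OS image v2"))
    print(boot(otp, nv))
```

The same write-once property that blocks tampering with the reference hash also blocks its legitimate replacement, so an updated image fails authentication until the hardware holding the OTP memory is replaced.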